Andrea Barisani
@andreabarisani.bsky.social
hacker | tamagopher | https://andrea.bio
andreabarisani.bsky.social
Welcome new followers!

I am a security researcher known for the USB armory and TamaGo project among other things.

I enjoy finding unconventional ways to secure things once and for all.

andrea.bio

github.com/abarisani
andreabarisani.bsky.social
I just released go-boot v1.1 which brings in the now mature EFI Simple Network support.

Compile with NET=1 DEBUG=1 and you can use go `trace`, `pprof` or even statsviz visualization against a pure Go UEFI application!

github.com/usbarmory/go...
Release go-boot v1.1 · usbarmory/go-boot
This is a release of the go-boot unikernel which implements a UEFI Shell and OS loader for AMD64 platforms, implemented bare metal Go using the TamaGo framework. The unikernel is an UEFI applicatio...
andreabarisani.bsky.social
Following go1.25.2, I've just released tamago-go1.25.2 and tamago v1.25.2.

This release comes to you directly from Google HQ in Sunnyvale, as I attend the OSFC and UEFI Developer conferences!

github.com/usbarmory/ta...

github.com/usbarmory/ta...
andreabarisani.bsky.social
First ever boot of a TamaGo unikernel in the cloud, here on Google Cloud Compute Engine, automatically deployed from remote userspace!

Looking forward to polishing and publishing this.
andreabarisani.bsky.social
Thanks to TamaGo it took me less than 5 minutes to integrate Gemini AI in my UEFI bootloader.

Is this the first ever AI capable boot manager? Probably?

Shall I feel guilty? Most definitely!

I cannot underestimate how enabling TamaGo is.
andreabarisani.bsky.social
Pro tip: the most important tool to help, or give hell to, developers of safe IRQ handling on SMP systems is `ping -f`.
andreabarisani.bsky.social
I am SSH'ing in my gaming PC bootloader to start Windows remotely.

I am so grateful to the gVisor team for allowing me to put their pure Go TCP/IP stack on the bare metal.

All of this is now in go-boot@development and will be part of v1.1:

github.com/usbarmory/go...
GitHub - usbarmory/go-boot at development
The bare metal Go UEFI boot manager. Contribute to usbarmory/go-boot development by creating an account on GitHub.
andreabarisani.bsky.social
"Timing Side-Channel Attacks on USB Devices Using eBPF"

What a cool spin on Armory/GoKey/Tamago, used as experimental testbed in this paper.

secloud.ing.unimore.it/shared/paper...
andreabarisani.bsky.social
Screw PXE, this means the entire Go TLS and networking stack is available under UEFI.

In seconds I added DHCP and an SSH server to remotely manage my pre-boot environments.

I see much potential.
andreabarisani.bsky.social
Adding networking to go-boot through UEFI Simple Network Protocol.

It took 77 LOCs of pure Go to add the UEFI driver and bridge it to gVisor stack.
andreabarisani.bsky.social
I am so humbled by the two @gophercon.com talks which touched TamaGo this year!

Andrew Williams is porting Fyne to TamaGo, which means bare metal GUI in UEFI with go-boot!

Patricio Whittingslow talked about our upstreaming proposal and its generic “noos” API.

❤️

Shall I submit next year?
andreabarisani.bsky.social
Work on porting TamaGo to ARM64 has begun!

The Go runtime changes are complete and original distribution tests are passing.

github.com/usbarmory/ta...
Reposted by Andrea Barisani
jrn.bsky.social
Today I have a more serious topic than usual, please consider reposting for reach:

My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
andreabarisani.bsky.social
TamaGo 1.24.6 has been released with SMP support!

Given the number of supported platforms and architectures this also marks the beginning of release notes for both tamago-go and tamago repositories.

github.com/usbarmory/ta...

github.com/usbarmory/ta...
andreabarisani.bsky.social
Testing tamago/amd64 upcoming SMP support.
andreabarisani.bsky.social
With a single statement, Go now allows FIPS 140-3 mode.

This effortlessly aids compliance in bare metal TamaGo applications, whether used as bootloaders, TEEs or application unikernels.

go.dev/doc/security...
andreabarisani.bsky.social
There is now a first working SMP implementation for tamago/amd64.

It surprisingly results in LOC reduction in tamago-go as more existing code is re-used.

There's still work to be done, but here's tamago-example spreading its test goroutines across different CPUs (red vs green)
andreabarisani.bsky.social
My TamaGo SMP support effort can be followed in this PR.

Additional cores bootstrap is now fully polished.

Next up: handing goroutines to the awakened extra cores!

It feels crazy awesome to send Inter-Processor Interrupts in pure Go but hey...life choices.

github.com/usbarmory/ta...
amd64: SMP support by abarisani · Pull Request #51 · usbarmory/tamago
This PR adds initial SMP support to TamaGo amd64 package by implementing the following: amd64.InitSMP function for initialization of supplemental cores (i.e. Application Processors) use of amd64.I...
andreabarisani.bsky.social
TamaGo SMP support for x86_64 is progressing.

I just bootstrapped an SMP secondary core (AP) within TamaGo!

It involved starting the CPU and switching from real-mode to long-mode directly.

All of this in Go assembly which, with some caveats, can amazingly be used in 16-bit mode.